Scripting around the lack of user:password@domain url functionality in jscript/IE

0

I currently have a jscript that runs a PHP script on a server for me. But I want to be at least somewhat secure so I setup a login. Now if I use the regular user:password@domain system it won't work; IE decided it was a security issue. And if I let IE remember the password, it pops up a security message confirming my login every time (which kills the point of the button).

So I need a way to make the security message go away.

  • I could lower security settings, which I am fine with, but nothing seems to make it go away. Maybe there's some registry setting to change?

  • Find a fix for jscript that will let me use a password in the url. There used to be a regedit that worked for older systems which allowed IE to use url passwords (not working on my 64bit windows7 setup) though I doubt that'd have helped jscript anyways (since it outright crashes).

  • Use an app other than IE. In which case I'm not sure how to go about it. I want it to be responsive and invisible so IE was a good choice. It is near instant.

  • Use XMLHttpRequest instead of IE directly? May even be faster but I've no idea if it'd help or just have the same error.

  • Use a completely different approach. Maybe some app that can script website browsing.

Here's my jscript:

var args = {};

var objIEA = new ActiveXObject("InternetExplorer.Application");
if( WScript.Arguments.Item(0) == "pause" ){
    objIEA.navigate("http://domain/index.html?pause");
}
if( WScript.Arguments.Item(0) == "next" ){
    objIEA.navigate("http://domain/index.html?next");
}
objIEA.visible = false;
while(objIEA.readyState != 4) {}
objIEA.quit();

Ambiwlans

Posted 2010-04-24T05:41:07.830

Reputation: 383

unrelated, but: switch/case would be much better than many if's. – user1686 – 2010-04-24T16:48:02.487

Answers

3

wget:

wget --user=someuser --password=somepass -O nul: "http://domain/index.html?next"

-O nul: is to avoid creating an useless index.html.

In a .cmd script, use "http://domain/index.html?%~1".

curl:

curl -x someuser:somepass "http://domain/index.html?next" > nul:

Python with urllib:

#!/usr/bin/perl
import sys, urllib
action = sys.argv[1]
urllib.urlopen('http://user:pass@domain/index.html?'+action)

Perl with LWP::UserAgent:

#!/usr/bin/perl
use LWP::UserAgent;
my $action = $ARGV[0];
my $ua = LWP::UserAgent->new;

## Make sure you set the correct realm!
$ua->credentials(
    'domain:80',
    'realm',
    'user' => 'password'
);

$ua->get('http://domain/index.html?'.$action);

user1686

Posted 2010-04-24T05:41:07.830

Reputation: 283 655

Thanks, curl did exactly what I wanted. Lame that it doesn't have a run in background option for windows. But if I run it from Autohotkey it will hide it anyways <3. I might bother making an installer for curl + dlls + taskbarshortcuts + ahk script. Otherwise i'm pretty sure no one else will end up using it. – Ambiwlans – 2010-04-27T06:04:42.827

Asked: 2010-04-24T05:41:07.830

Viewed: 489 times

Active: 2013-08-29T19:07:34.650